A study of over 200 C-level British executives has found a significant gap between industry expectations and government cyber-security performance. According to Cebr, the Centre for Economics and Business Research, a UK commentator on economics and business trends, and the web security product company Veracode, some 60 per cent of CTOs feel the government is not doing enough to prevent cyber-attacks. The top three concerns of UK business executives are breach costs (including forensic, cleanup and legal costs), reputation and brand damage, and lost revenue due to downtime.
Cyberattacks pose a serious financial threat to the UK economy, according to the report. Cyber-crime and other attacks cost UK businesses a total of £34 billion per year, consisting of £18 billion in lost revenue and £16 billion on increased IT spending as a result of breaches. The issue is widespread, according to the Department for Business, Innovation and Skills (BIS), which found 81pc of UK business suffered from a breach in 2014.
With cyberattacks predicted to cause much more damage in the future, according to the Royal United Service Institute (RUSI), businesses aren’t waiting for the government to rescue them. More than half (57pc) of CEOs hold themselves accountable for major cybersecurity incidents, and 88% of businesses have increased their annual IT spending following a cyber-security breach. However, 70pc of CTOs also believe their current cybersecurity policies stifle innovation, which potentially indicates a need for more streamlined and automated risk assessments.
Surprisingly, respondents listed theft of corporate intellectual property (IP) as their sixth priority (second from last) in terms of top cyber-security concerns. This is in stark contrast to US perceptions, where board members ranked theft of IP – leading to loss of competitive advantage – amongst their top three cyber-security worries. The UK result may indicate a lack of awareness by UK executives, given that a third, 34pc of cyber-crime in UK businesses is thought to be tied to theft of intellectual property.
Adrian Beck, Veracode’s director of enterprise security program management, said: “The UK economy is under siege from cyberattackers and the UK government should look to other successful private/public partnerships – such as Swiss banking regulations, German data privacy laws and US breach disclosure laws – as a model of how to improve the situation for us all. For example, disclosure laws would require firms to report breaches in a timely fashion, thereby protecting consumers from identity theft and encouraging companies to implement best practices when dealing with cybersecurity.”
